Vulnerability Details CVE-2022-35951
Redis is an in-memory database that persists on disk. Versions 7.0.0 and above, prior to 7.0.5 are vulnerable to an Integer Overflow. Executing an `XAUTOCLAIM` command on a stream key in a specific state, with a specially crafted `COUNT` argument may cause an integer overflow, a subsequent heap overflow, and potentially lead to remote code execution. This has been patched in Redis version 7.0.5. No known workarounds exist.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.815
EPSS Ranking 99.1%
CVSS Severity
CVSS v3 Score 7.0
References
- https://github.com/redis/redis/security/advisories/GHSA-5gc4-76rx-22c9
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A7INCOOFPPEAKNDBZU3TIZJPYXBULI2C/
- https://security.gentoo.org/glsa/202209-17
- https://security.netapp.com/advisory/ntap-20221020-0005/
- https://github.com/redis/redis/security/advisories/GHSA-5gc4-76rx-22c9
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A7INCOOFPPEAKNDBZU3TIZJPYXBULI2C/
- https://security.gentoo.org/glsa/202209-17
- https://security.netapp.com/advisory/ntap-20221020-0005/
Products affected by CVE-2022-35951
-
cpe:2.3:a:redis:redis:7.0.0
-
cpe:2.3:a:redis:redis:7.0.1
-
cpe:2.3:a:redis:redis:7.0.2
-
cpe:2.3:a:redis:redis:7.0.3
-
cpe:2.3:a:redis:redis:7.0.4
-
cpe:2.3:o:fedoraproject:fedora:37